Simplified configuration process for .NET data flow analysis
AppScan on Cloud offers a new way to generate an .irx file for
scanning .NET applications, using dataflow analysis for .NET source code (C# and VB.NET),
Previously, when ASoC encountered a Visual Studio solution file
(.sln file), it built the solution and project(s) to generate the
.NET assemblies (.dll and .exe files), then processed
those .NET assemblies to produce the .irx file that was submitted for
analysis.
With this improved functionality, ASoC processes the Visual Studio
source code directly to produce the .irx file to be analyzed. This
results in:
- Faster
.irxgeneration. - Systems flexibility: availability of the build environment to compile the source code into .NET assemblies is not required.
- Source to Sink dataflow results for source code.
- Cross-platform .NET support.
All C# (.cs) and VB.NET (.vb) source files are processed
during the generation of the .irx file. After the .irx
is analyzed in AppScan on Cloud, results showing Source to Sink traces are
available in scan
results.
- Add a parameter to the
appscan preparecommand when using the Static Analyzer Command Line Utility:appscan.bat prepare -DNewDotNetEngine="false" - Specify an attribute in
appscan-config.xml:In the Configuration element:<Configuration NewDotNetEngine="false"> <Targets> <Target path="."/> </Targets> </Configuration>